How to programmatically use SSH Tunnel to access Gluu LDAP from different server in enclave

By: Rahul Gupta
user, 22 Jan 2018 at 9:22 p.m. CST

3 Responses

Hello,
I have a NodeJS application running on a different server from the Gluu server, but in the same enclave. I want to be able to access the Gluu LDAP programmatically.
Per this:
https://support.gluu.org/identity-management/4991/ldapsearch-cant-access-gluu-server-got-ldap_sasl_interactive_bind_s-cant-contact-ldap-server-1/
“It's not possible to access Gluu Server's LDAP data from outside of its own VM. You need to create a reverse tunnel from your computer to do that. Here is an example: https://gluu.org/docs/ce/3.1.1/user-management/local-user-management/”
And per this:
https://support.gluu.org/identity-management/4253/cant-connect-to-openldap-externally/
“Yes, by default it's not allowed to read Gluu ldap data from outside. You can create a reverse tunnel to your Gluu Server's ldapS address and then use this tunneling to access ldap data with your ldap browser.”
Per this, programmatically accessing a tunnel through SSH should work:
https://stackoverflow.com/questions/1244717/accessing-ldap-through-ssh-tunnel
“Yes, ssh has a "-L" option to create a tunnel. That option takes 3 parameters, separated by colons (:). Local listen port, remote host, remote port.
ssh -L 9999:ldapserver:389 user@otherhost
Where 9999 is the local port that the tunnel will be created on. The ldapserver:389 bit tells it where to connect to on the other side.
Then, tell your application to connect to localhost:9999 (or whatever port you choose) and it will be tunneled across.”
I’m a little unclear as to how this would work in terms of keeping a constant tunnel open.
Would it make more sense to install NodeJS on the Gluu server and then run a program that uses the NodeJS tunnel library here?:
https://www.npmjs.com/package/tunnel
Thanks!
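One way to keep the `-L` tunnel quoted above open from a NodeJS process, as an added example that is not part of the original post or Gluu's own code: it supervises the system `ssh` client, binds the listener to loopback only, and restarts it with backoff when the link drops. The host names, user, local port 9999 and remote port 1636 are assumed sample values.

```javascript
const { spawn } = require('node:child_process');
// Build the argv for a forwarding-only ssh session (no shell, no string concatenation).
function buildSshArgs({ localPort, ldapHost, ldapPort, sshUser, sshHost }) {
  for (const p of [localPort, ldapPort]) {
    if (!Number.isInteger(p) || p < 1 || p > 65535) throw new RangeError(`bad port: ${p}`);
  }
  for (const s of [ldapHost, sshUser, sshHost]) {
    // Reject values ssh could read as an option (leading "-") or that carry odd characters.
    if (!/^[A-Za-z0-9_][A-Za-z0-9_.-]*$/.test(s)) throw new TypeError(`bad name: ${s}`);
  }
  return [
    '-N',                               // forwarding only, no remote command
    '-o', 'BatchMode=yes',              // key-based auth; never block on a prompt
    '-o', 'ExitOnForwardFailure=yes',   // exit if the local port cannot be bound
    '-o', 'ServerAliveInterval=30',     // notice a dead link after about 90 s ...
    '-o', 'ServerAliveCountMax=3',      // ... so ssh exits and gets restarted
    '-o', 'StrictHostKeyChecking=yes',  // refuse unknown or changed host keys
    '-L', `127.0.0.1:${localPort}:${ldapHost}:${ldapPort}`, // loopback listener only
    `${sshUser}@${sshHost}`,
  ];
}

// Run ssh, restarting with exponential backoff; spawnFn/schedule/now are injectable for tests.
function superviseTunnel(cfg, { spawnFn = spawn, schedule = setTimeout, now = Date.now,
                                baseMs = 1000, maxMs = 60000, stableMs = 60000 } = {}) {
  const args = buildSshArgs(cfg);
  let delay = baseMs, stopped = false, child = null;
  const start = () => {
    if (stopped) return;
    const startedAt = now();
    let done = false;
    const onEnd = () => {               // 'exit' and 'error' can both fire; act once
      if (done || stopped) return;
      done = true;
      if (now() - startedAt >= stableMs) delay = baseMs; // healthy run: reset backoff
      schedule(start, delay);
      delay = Math.min(delay * 2, maxMs);
    };
    child = spawnFn('ssh', args, { stdio: ['ignore', 'ignore', 'inherit'] });
    child.on('exit', onEnd);
    child.on('error', onEnd);           // e.g. the ssh binary is missing
  };
  start();
  return { stop() { stopped = true; if (child) child.kill(); } };
}

// Constructed sample values (assumptions, not taken from the page):
// superviseTunnel({ localPort: 9999, ldapHost: 'localhost', ldapPort: 1636,
//                   sshUser: 'tunnel', sshHost: 'gluu.example.internal' });
```

The LDAP client then connects to 127.0.0.1:9999. If the forwarded port speaks LDAPS, the server certificate will typically not name 127.0.0.1, so trust the issuing CA and set the expected server name in the client instead of turning verification off.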

By: Mohib Zico
staff, 25 Jan 2018 at 6:50 a.m. CST

>> Are there Firewall settings within Gluu configuration? I don't see them in the configuration GUI
Firewall configuration is a standard system administration job and falls into 'Platform support'; Gluu supplies only software....
>> and we don't have iptables installed on the CentOS server that houses Gluu.
You can always install iptables/firewalld or ufw and configure the firewall according to your needs.